A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Node.js | Nodejs | 15.0.0 (including) | 15.14.0 (including) |
| Node.js | Nodejs | 16.0.0 (including) | 16.12.0 (including) |
| Node.js | Nodejs | 16.13.0 (including) | 16.17.1 (excluding) |
| Node.js | Nodejs | 18.0.0 (including) | 18.9.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:16-8060020221007164523.ad008a3a | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:18-8070020221004121421.bd1311ed | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs-1:16.17.1-1.el9_0 | * |
| Nodejs | Ubuntu | bionic | * |
| Nodejs | Ubuntu | kinetic | * |
| Nodejs | Ubuntu | trusty | * |
| Nodejs | Ubuntu | upstream | * |
| Nodejs | Ubuntu | xenial | * |
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.